PASS TO SITE/FACILITY/COMMAND INFORMATION SYSTEM SECURITY OFFICER
(ISSO), SPECIAL SECURITY OFFICER (SSO), INFORMATION RESOURCE MANAGER
(IRM) AND AUTOMATED DATA PROCESSOR (ADP) COORDINATORS
SUBJECT: VMS SECURITY PATCH KIT / UPGRADE PROBLEM, ADDENDUM TO
BULLETIN 93-08 (AUTOMATED SYSTEM SECURITY INCIDENT SUPPORT TEAM
(ASSIST) BULLETIN 93-09).
1. DEC HAS RELEASED INFORMATION CONCERNING A PROBLEM CREATED IN
SYSTEMS UPGRADING TO OPENVMS VAX VERSION 5.3 TO V5.3-1 OR V5.3 TO
V5.3-2, AND OPENVMS VAX V5.5 TO V5.5-2 OR OPENVMS VAX V5.5-1 TO
V5.5-2. OPENVMS VAX VERSIONS AFFECTED:
UPGRADE PATHS V5.3 TO V5.3-1
V5.3-1 TO V5.3-2
V5.3 TO V5.3-2
V5.5 TO V5.5-2
V5.5-1 TO V5.5-2
A PROBLEM MAY OCCUR DURING AN UPGRADE TO A SYSTEM THAT PREVIOUSLY
INSTALLED THE SPECIFIC SECURITY KIT IDENTIFIED AS:
CSCPAT_1084010.A (COMBINED KIT FOR ALL OPENVMS VAX
VERSIONS AFFECTED. DSNLINK KIT.)
VAXSYS01_U2053.A OPENVMS V5.3, V5.3-1, V5.3-2
VAXSYS02_U2055.A OPENVMS V5.5, V5.5-1
THE SECURITY KIT MUST BE RE-APPLIED AFTER ALL OPENVMS VAX UPGRADES
FOR V5.0 THROUGH V5.5-2. ALL OTHER APPLICABLE VERSIONS OF OPENVMS
VAX AND THEIR SUPPORTED UPGRADE PATHS DO NOT EXHIBIT THIS SYMPTOM IF
THE SECURITY KIT (IDENTIFIED IN ASSIST 93-08) WAS INSTALLED BEFORE
UPGRADING TO THE NEXT HIGHER VERSION. ASSIST RECOMMENDS THAT UNTIL
OPENVMS VAX V6.0 OR OPENVMS AXP V1.5 IS INSTALLED, CONTACT YOUR
DIGITAL SERVICES SUPPORT ORGANIZATION TO OBTAIN THE MOST CURRENT
VERSION OF THE APPLICABLE SECURITY KIT IDENTIFIED IN ASSIST 93-08.
2. PROBLEM DESCRIPTION: FOLLOWING AN UPGRADE FROM OPENVMS VAX,
V5.3 TO V5.3-1
V5.3-1 TO V5.3-2
V5.3 TO V5.3-2
V5.5 TO V5.5-2
V5.5-1 TO V5.5-2
A PROBLEM DIRECTLY RELATED TO HAVING THE APPROPRIATE SECURITY KIT
(IDENTIFIED IN PAPRAGRAPH 1) INSTALLED PRIOR TO THE OPENVMS VAX
UPGRADES LISTED ABOVE MAY DEVELOP. THE PROBLEM MAY CAUSE THE SYSTEM
TO FAIL TO BOOT PROPERLY AT THE COMPLETION OF THE UPGRADE.
3. SOLUTION: IF YOU RENAMED THE IMAGES REPLACED FOLLOWING THE
INSTALLATION OF THE SECURITY KIT, RESTORE THE SAVED IMAGES PRIOR TO
UPGRADING OPENVMS VAX TO THE NEXT HIGHER RELEASE, THEN RE-APPLY THE
SECURITY KIT. THE IMAGES REPLACED BY THE SECURITY KIT IDENTIFIED IN
PARAGRAPH 1 ARE:
PAGE_MANAGEMENT.EXE AND IMAGE_MANAGEMENT.EXE
WHICH ARE PLACED IN THE DIRECTORY SYS$LOADABLE_IMAGES:
WARNING: TO PREVENT A RE-OCCURANCE OF THIS PROBLEM, ENSURE THAT NO
COPIES OF THE ABOVE IMAGES EXIST IN THE SYS$SPECIFIC:[SYS$LDR]
DIRECTORY. IF THE IMAGES REPLACED DURING THE SECURITY KIT
INSTALLATION CANNOT BE RESTORED, ENTER THE COMMANDS AS INDICATED
BELOW AFTER YOUR OPENVMS VAX UPGRADE COMPLETES. NOTE: IN EACH CASE,
THE SOLUTION BELOW IS A POST OPENVMS VAX UPGRADE EVENT.
A. FOR OPENVMS VAX V5.3 UPDATE PATHS
V5.3 TO V5.3-1
V5.3-1 TO V5.3-2
V5.3 TO V5.3-2
WHEN THE OPENVMS UPGRADE PROCESS HAS COMPLETED AND YOU ARE AT THE "$"
PROMPT, ISSUE THE FOLLOWING DCL PATCH STEPS AT THE CONSOLE TERMINAL,
AND FOLLOW THE INSTRUCTIONS FOR RE-BOOTING.
$ PATCH/UPDATE=(1) IMAGE_MANAGEMENT.EXE
SET ECO 1
REPL/INST 0A0F='BISB2 #01,B^1F(SP)'
'NOP'
EXIT
UPDATE
EXIT
PRESS THE HALT BUTTON, REBOOT THE SYSTEM, RE-INSTALL THE SECURITY
KIT, AND REBOOT AGAIN FOR THE SECURITY KIT INSTALLATION TO BECOME
EFFECTIVE.
B. FOR OPENVMS VAX V5.5 UPDATE PATHS
V5.5-1 TO V5.5-2
V5.5 TO V5.5-2
WHEN THE OPENVMS UPGRADE PROCESS HAS COMPLETED, INVOKE A
CONVERSATIONAL BOOT FROM THE SYSTEM CONSOLE BY ENTERING THE
FOLLOWING COMMANDS:
>>> B/1
SYSBOOT> SET/START=OPA0:
SYSBOOT> C
$ SET NOON
$ SET DEFAULT [VMS$COMMON.SYS$LDR]
$ PATCH/UPDATE=(1) IMAGE_MANAGEMENT.EXE
SET ECO 1
REPL/INST 0A2F='BISB2 #01,B^1F(SP)'
'NOP'
EXIT
UPDATE
EXIT
$
PRESS THE HALT BUTTON, REBOOT THE SYSTEM, RE-INSTALL THE SECURITY
KIT, AND REBOOT AGAIN FOR THE SECURITY KIT INSTALLATION TO BECOME
EFFECTIVE.
4. POINT OF CONTACT: ASSIST POINT OF CONTACT FOR THIS MATTER IS
PETE HAMMES, COMM (703) 696-1924/5/6, DSN 226. ASSIST CAN BE REACHED
24 HOURS PER DAY, COMMERCIAL PAGER (800) SKY-PAGE (800-759-7243), PIN
NUMBER 2133937. WHEN CALLING THE PAGER SERVICE, FOLLOW THE AUTOMATED
VOICE INSTRUCTIONS AND ENTER THE CALL BACK NUMBER AFTER THE PROMPT.
THE ASSIST DUTY OFFICER WILL CALL YOU BACK WITHIN 30 MINUTES. IF
FASTER SERVICE IS REQUIRED, PREFIX YOUR TELEPHONE NUMBER WITH "999",
AND THE ASSIST DUTY OFFICER WILL CALL BACK WITHIN 5 MINUTES. ASSIST
CAN BE REACHED VIA E-MAIL AT "DOD-CERT(AT-SIGN)DDN-CONUS.DDN.MIL".
BT